Detecting Car Hacks

Implementing an effective detection system for attacks against cars may wind up being far more difficult than expected.

PUNTA CANA–The car that you drive every day isn’t really a car. It’s mostly a collection of small computers with a bunch of wires and metal and plastic attached. And like any other computer, the ones in your car can be hacked, as researchers Charlie Miller and Chris Valasek have demonstrated in recent months. That’s the easy part, as it turns out. Implementing an effective detection system for their attacks may wind up being far more difficult.

The idea that the on-board computers in vehicles can be hacked isn’t a new one. Researchers have been taking advantage of weaknesses in the electronic control units (ECU) for several years now. Miller and Valasek last year published a detailed paper showing a series of new attacks they developed that enabled them to control the steering, braking and other functions in some cars while they were driving.

One of the ways that they were able to take control of the systems in the cars was by sending large numbers of controller area network (CAN) packets to the system. The idea is to have their packets win a race to the computer so that the ECU accepts their instructions rather than the legitimate ones. Miller and Valasek said that detecting their attacks is simple and easy to do.

“As long as you’re sitting on the network, detecting these things is so easy and you can shut them down,” said Valasek, director of security intelligence at IOActive. “You know what the car should be doing. It’s always spitting out information.”

One straightforward method for detecting their attacks would be simple anomaly detection. The system could check for unusually large numbers of packets and alert the driver. Or if it saw diagnostic packets showing up while the car was in motion–something that wouldn’t happen under normal circumstances–it would raise the alarm. The problem, though, is that auto manufacturers aren’t very keen on putting anything that isn’t completely necessary into their vehicles. The auto business has tiny margins and is brutally competitive, so adding more cost to a vehicle is frowned upon.

“Auto manufacturers don’t like adding complexity to their cars,” Valasek said after he and Miller delivered a talk on the topic at the Kaspersky Security Analyst Summit here Tuesday. “If you’re trying to tell them to change the architecture, you’d get massive pushback.”

Despite a huge amount of press around their car-hacking exploits, Miller and Valasek have had virtually no contact with the manufacturers. They haven’t been asked to help design detection or prevention systems for their attacks or even to explain them in detail to the manufacturers. And auto manufacturers are loathe to discuss their future product plans, so it’s unclear whether there are any protection methods on the horizon.

“We have no idea what they’re doing. They could be building something,” Miller said. “But it could be years down the line.”

Suggested articles


  • dakng on

    This is nothing new for auto manufactures have been working and embedding black boxes in cars for nearly 10 years. This data can be used not only to figure out the events right up to the accident such as the speed the car way traveling for if the brakes were applied prior to impact. This same black box can be used by law enforcement agencies to track vehicle movements not just for manufacturer diagnostics. If they can track you then conceivably one could also gain access to these network enabled devices. This is even outside the cars that now dynamically pull data such a map and traffic data from the internet.
  • on

    This device is useless, I am in the business of reverse engineering automotive electronics, and we build devices to remotely control functions of your vehicle. These guys are taking this too far and like everyone else trying to fear people into buying there useless product (IT IS GARBAGE). Get someone like me who does this for a living and I will render this device useless with the snip of the high speed can line at the obd2 connector, and then I would leave their device attached to make the car owner feel safe because this thing is still hooked to their car. But now it will only be reading low speed low level messages being that the high speed can line is disabled (high speed line transfers all messages being sent from engine,trans.,ABS,steering module restraint module all safety oriented modules). Before I started I was an automotive electronic diagnostic tech for 14 years. I completely understand how these modules communicate.They are not doing anything special. I can take anyone with no experience with a laptop and a 50.00 interface and have them doing the same thing these guys are doing within an hour. The only way to prevent a true malicious hack is to encrypt can messages . If you are someone that is actually worried about this (because cars are being hacked everyday lol!)pay your local mechanic to splice in a plug so you can remove the obd 2 connector from your vehicle and put it in your house till you need to head to the shop for repairs. Being that it would be a different plug the attacker wont be able to find pin 14 and pin 6 of the can lines. HACK PREVENTED FOR 5 DOLLARS!! "im truly laughing right now that i even had to take the time to type this". HACKING THE NETWORK OF YOUR VEHICLE IS A HOBBY !!!!. Also almost all vehicles from 2009 and up use a power module or what they call an intergrated power module this device is the gateway for vehicle communications. Meaning that a hacker would need hours worth of access under dash and under the hood to hack into up to 3 networks that are running on all of our vehicles now. So if you plug their device into the diagnostic port it is "ABSOLUELY WORTHLESS" look for my videos soon about this topic on youtube and our website

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.